Text Exploits

31,386 exploits tracked across all sources.

CVE-2020-29233 EXPLOITDB MEDIUM text VERIFIED
WonderCMS 3.1.3 - Stored Cross-Site Scripting in Page Description
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject an XSS payload into the Page description; each time any user visits the website, the XSS triggers and the attacker can steal the cookie, depending on the crafted payload.
by Hemant Patidar
CVSS 5.4
CVE-2020-15929 EXPLOITDB CRITICAL text
Ortus TestBox 2.4.0-4.1.0 - Remote Code Execution via HTMLRunner.cfm Query Parameters
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
by Darren King
CVSS 9.8
CVE-2020-15928 EXPLOITDB MEDIUM text
Ortus TestBox 2.4.0-4.1.0 - Path Traversal via test-browser/index.cfm Query Parameters
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
by Darren King
CVSS 5.3
CVE-2020-28091 EXPLOITDB HIGH text
cxuucms v3 - SQL Injection via search.php Keywords Parameter
cxuucms v3 has a SQL injection vulnerability via the keywords parameter of search.php, which can lead to the leakage of all database data.
by icekam
CVSS 7.5
CVE-2020-28092 EXPLOITDB MEDIUM text
PESCMS Team 2.3.2 - Reflected Cross-Site Scripting via ID Parameter
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter: ?g=Team&m=Task&a=my&status=3&id=, ?g=Team&m=Task&a=my&status=0&id=, ?g=Team&m=Task&a=my&status=1&id=, ?g=Team&m=Task&a=my&status=10&id=
by icekam
CVSS 6.1
EIP-2026-104348 EXPLOITDB text
Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting
by Emre ÖVÜNÇ
EIP-2026-114275 EXPLOITDB text
WordPress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting (Authenticated)
by ZwX
CVE-2020-25820 EXPLOITDB MEDIUM text
BigBlueButton < 2.2.27 - Authenticated Server-Side Request Forgery via ODF xlink Field
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
by RedTeam Pentesting GmbH
CVSS 6.5
CVE-2020-37233 EXPLOITDB MEDIUM text
WordPress Plugin Buddypress 6.2.0 Persistent Cross-Site Scripting
WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like onload that execute when administrators or privileged users preview or view the affected page content, enabling session hijacking and persistent phishing attacks.
by Vulnerability-Lab
CVSS 6.4
CVE-2020-36978 EXPLOITDB MEDIUM text
Froxlor Server Management Panel <0.10.16 - XSS
Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules.
by Vulnerability-Lab
CVSS 6.4
CVE-2020-35263 EXPLOITDB CRITICAL text
EgavilanMedia User Registration & Login System 1.0 - SQL Injection in Admin Panel
EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution.
by Kislay Kumar
CVSS 9.8
CVE-2020-29168 EXPLOITDB CRITICAL text
Online Doctor Appointment Booking System - SQL Injection via q Parameter in getuser.php
SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint.
by Ramil Mustafayev
CVSS 9.8
CVE-2020-0674 EXPLOITDB HIGH text
Internet Explorer - Remote Code Execution via Scripting Engine Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
by maxpl0it
CVSS 7.5
EIP-2026-117406 EXPLOITDB text
LCD_Service 1.0.1.0 - 'LCD_Service' Unquoted Service Path
by Gerardo González
EIP-2026-112472 EXPLOITDB text
SugarCRM 6.5.18 - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-108130 EXPLOITDB text
Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2020-37232 EXPLOITDB HIGH text
Advanced System Care Service 13.0.0.157 Unquoted Service Path Privilege Escalation
Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSystem privileges during service startup or system reboot.
by Jair Amezcua
CVSS 7.8
CVE-2020-36979 EXPLOITDB HIGH text
Atheros Coex Service App 8.0.0.255 - Privilege Escalation
Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executables in the service path to gain elevated system privileges during service startup.
by Isabel Lopez
CVSS 7.8
CVE-2020-36970 EXPLOITDB HIGH text
PMB Services 5.6 - Path Traversal and Arbitrary File Read via getgif.php chemin Parameter
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the getgif.php endpoint.
by 41-trk
CVSS 8.4
CVE-2020-25952 EXPLOITDB CRITICAL text
PHPGurukul User Registration & Login and User Management System 2.1 - SQL Injection
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
by Mayur Parmar
CVSS 9.8
CVE-2020-29287 EXPLOITDB CRITICAL text
Car Rental Management System <1.0 - SQL Injection
An SQL injection vulnerability discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
by Mehmet Kelepçe
CVSS 9.8
EIP-2026-117423 EXPLOITDB text
Logitech Solar Keyboard Service - 'L4301_Solar' Unquoted Service Path
by Jair Amezcua
EIP-2026-117385 EXPLOITDB text
KiteService 1.2020.1113.1 - 'KiteService.exe' Unquoted Service Path
by IRVIN GIL
EIP-2026-113182 EXPLOITDB text
Water Billing System 1.0 - 'id' SQL Injection (Authenticated)
by Mehmet Kelepçe
EIP-2026-110460 EXPLOITDB text
Pandora FMS 7.0 NG 749 - 'CG Items' SQL Injection (Authenticated)
by Matthew Aberegg